Bank-grade security and operations

When documents contain highly sensitive information, you can’t afford to take risks. Protecting your data is DocuSign’s top priority—that’s why we offer bank-grade security and operations. DocuSign’s comprehensive approach to security ensures the confidentiality, integrity, availability, authenticity and enforceability of your DocuSign transactions.

DocuSign’s bank-grade security and operations provide:

  • xDTM compliance - the highest standard of global information security and operations to protect your digital transactions
  • Full document encryption to ensure the confidentiality of your data
  • Robust anti-tamper controls so you can count on the integrity of your DocuSigned documents
  • Redundant, geo-diverse data centers so your critical documents are backed up and always available
  • The most authentication options to confirm the identity of all transacting parties
  • Strongest level of enforceability and non-repudiation of your transactions

Unmatched security credentials

DocuSign meets and exceeds the most stringent US, EU, and global security standards. No other Digital Transaction Management (DTM) company can match the enterprise security and operations investments DocuSign has made—and third-party audit reports back it up. DocuSign is the only eSignature provider to be xDTM, ISO 27001 and SSAE 16 certified and tested internationally, across the entire company and its data centers.

Keeps documents confidential

Only DocuSign provides full document encryption to ensure the confidentiality of your data. Documents stored in our ISO 27001 and SSAE 16 data centers are encrypted with the AES-256 standard, and document transmission uses 256-bit SSL.

Only you and those you authorize have access to your documents. Your content stays confidential, including from DocuSign—employees never have access to your content. Rest assured that your personal information is safe with DocuSign. Your data is your data—DocuSign will never sell your information.

Ensures document integrity

DocuSign employs strong anti-tamper controls to prevent any alteration of your signature or your documents. Our SHA-1 hashing verifies documents have not been modified and our PKI digital certificate technology secures documents and signatures with tamper-evident seals.

Leading system availability

DocuSign is the only DTM company with redundant and geo-diverse datacenters, including a disaster recovery facility, to ensure the highest levels of service availability. As a result of DocuSign’s continued investment in infrastructure, we are able to eliminate maintenance downtime and offer continuous availability, which ensures the highest level of data integrity and system resiliency. With DocuSign, your business-critical documents are backed up and always available.

Allows most authentication options

Many financial services, insurance, and healthcare companies use DocuSign’s advanced authentication methods to validate the identity of all transacting parties, including texting an SMS code to another device, answering “secret knowledge” questions, and voice authorization.

Enforceability and non-repudiation of transactions

Our court-admissible, digitally signed and tamper-evident Certificate of Completion contains a comprehensive audit trail with signing parties’ names, digital signatures, email addresses, public IP addresses, chain of custody (sent, viewed, signed, etc.), timestamps, signing location (if provided) and more. DocuSign is willing to attest to the validity of DocuSigned documents, allowing DocuSign to warrant compliance with the ESIGN Act—the only eSignature company to do so.

Full-time security team

DocuSign has invested heavily in a full-time security team, comprised of senior executives and led by a Chief Information Security Officer (CISO). The team oversees DocuSign’s comprehensive security protocol and conducts mandatory annual security training for all employees. DocuSign works closely with leading security experts to continually monitor the security landscape and evolve our security strategy.

Dedicated trust center

Only DocuSign maintains a Trust Center as the source for DocuSign’s latest security, system performance and availability information.

Each component of our trusted platform—Applications & Access, Transmission & Storage, Hardware & Infrastructure, and Systems & Operations—undergoes tremendous security scrutiny. See the key tenets of the DocuSign platform below:

Applications & access

  • Formal code reviews and vulnerability mitigation by third parties
  • Application level Advanced Encryption Standard (AES) 256 bit encryption
  • Key Management & Encryption Program
  • Enterprise-grade malware protection
  • Digital audit trail
  • Multiple authentication mechanisms

Transmission & storage

  • Secure, private SSL 256 bit viewing session
  • Anti-tamper controls
  • Signature verification of signing events
  • Unalterable, systematic capture of signing data
  • Digital certificate technology
  • Customer configurable data retention program

Hardware & infrastructure

  • Three geo-dispersed, ISO 27001 certified and SSAE 16 audited datacenters
  • Near real-time secure data replication and encrypted archival
  • 365x24x7 on-site security
  • Annual Business Continuity Planning (BCP) & Disaster Recovery (DR) testing
  • Third-party penetration testing

Systems & operations

  • Physically and logically separate networks
  • Two-factor, encrypted VPN access
  • Professional, commercial grade firewalls and border routers
  • Distributed Denial of Service (DDoS) mitigation
  • Active monitoring and alerting